所以我环顾四周,到处都说我需要检查我的配置,但对我来说没有意义的是我的应用程序将在不同的计算机上运行,但我用于开发。只是为了提供一些上下文,这个应用程序纯粹是令人满意的令牌认证。这是我的配置的样子:
安全初始化:
@Order(1)
public class SecurityWebappInitializer extends AbstractSecurityWebApplicationInitializer
{
}
App Init:
@Order(2)
public class ApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer
{
@Override
protected Class<?>[] getRootConfigClasses()
{
return new Class[]{RootConfiguration.class, SecurityConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses()
{
return new Class<?>[]{WebConfiguration.class};
}
@Override
protected String[] getServletMappings()
{
return new String[]{"/", "/rest/*"};
}
@Override
protected Filter[] getServletFilters()
{
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setEncoding("UTF-8");
return new Filter[] {characterEncodingFilter};
}
}
SecurityConfig:
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private NoOpAuthProvider noOpAuthenticationProvider;
@Autowired
private TokenFilter tokenFilter;
public SecurityConfig()
{
super(true);
}
@Override
public void configure(WebSecurity web) throws Exception
{
web
.ignoring()
.antMatchers("/rest/authentication/login")
.antMatchers("/services/**")
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.authorizeRequests()
.antMatchers("**").hasRole("RUN").and()
.addFilterAfter(tokenFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling().and()
.logout();
}
@Bean
public AuthenticationManager authenticationManager() throws Exception
{
List<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>();
authenticationProviders.add(noOpAuthenticationProvider);
return new ProviderManager(authenticationProviders);
}
}
WebConfig:
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.example.tinker.web")
public class WebConfiguration extends WebMvcConfigurerAdapter
{
@Autowired
private PrincipalRetrievalService principalRetrievalService;
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry)
{
registry.addResourceHandler("/resources/**").addResourceLocations("resources/").setCachePeriod(31556926);
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers)
{
argumentResolvers.add(new WebArgumentResolver(principalRetrievalService));
super.addArgumentResolvers(argumentResolvers);
}
}
知道会导致我的问题吗?
答案 0 :(得分:2)
无需实现AbstractSecurityWebApplicationInitializer。 通过ApplicationInitializer / RootConfiguration / @ ComponentScan / SecurityConfig初始化安全性。此外,不需要在getRootConfigClasses中添加SecurityConfig。